on upgrades?
- Rohit
<https://cloudstack.apache.org>
From: Khosrow Moossavi <kmooss...@cloudops.com>
Sent: Thursday, April 5, 2018 3:15:07 AM
To: dev
Subject: Re: [DISCUSS] New VPN implementation based on IKEv2 backed by Vault
Thanks Ilya for the feedba
> > >
> > > > Kind regards,
> > > >
> > > > Paul Angus
> > > >
> > > > paul.an...@shapeblue.com
> > > > www.shapeblue.com
> > > > 53 Chandos Place, Covent Garden, London WC2N 4HS UK
> > > > @shapeblue
> > >
CA.
>
age-
> > From: Rafael Weingärtner <rafaelweingart...@gmail.com>
> > Sent: 04 April 2018 16:51
> > To: dev <dev@cloudstack.apache.org>
> > Subject: Re: [DISCUSS] New VPN implementation based on IKEv2 backed by
> > Vault
> >
> > Thanks for sh
> -Original Message-
> From: Rafael Weingärtner <rafaelweingart...@gmail.com>
> Sent: 04 April 2018 16:51
> To: dev <dev@cloudstack.apache.org>
> Subject: Re: [DISCUSS] New VPN implementation
-Original Message-
From: Rafael Weingärtner <rafaelweingart...@gmail.com>
Sent: 04 April 2018 16:51
To: dev <dev@cloudstack.apache.org>
Subject: Re: [DISCUSS] New VPN implementation based on IKEv2 backed by Vault
Thanks for sharing the details. Now I have a better
Thanks for sharing the details. Now I have a better perspective of the
proposal. It is an interesting integration of CloudStack VPN service with
Vault PKI feature.
On Wed, Apr 4, 2018 at 12:38 PM, Khosrow Moossavi
wrote:
> One of the things Vault does is essentially one
One of the things Vault does is essentially one of the things Let's Encrypt
does,
acting as CA and generating/signing certificates.
From the Vault website itself:
"HashiCorp Vault secures, stores, and tightly controls access to tokens,
passwords,
certificates, API keys, and other secrets in
Got it. Thanks for the explanations.
There is one other thing I do not understand. This Vault thing that you
mention, how does it work? Is it similar to Let's Encrypt?
On Wed, Apr 4, 2018 at 12:15 PM, Khosrow Moossavi
wrote:
> On Wed, Apr 4, 2018 at 10:36 AM, Rafael
On Wed, Apr 4, 2018 at 10:36 AM, Rafael Weingärtner <
rafaelweingart...@gmail.com> wrote:
> So, you need a certificate that is signed by the CA that is used by the VPN
> service. Is that it?
>
>
Correct, a self signed "server certificate" against CA, to be installed
directly on VR.
>
> It has
So, you need a certificate that is signed by the CA that is used by the VPN
service. Is that it?
It has been a while since I last configured these VPN systems; do you need
access to the private key of the CA? Or, does the program simply validate
the user (VPN client) certificate to see if it is
Rafael,
We cannot use SshKeyPair functionality because the proposed VPN
implementation
does need a signed certificate and not an SSH key pair. The process is as
follows:
1) generate root CA (if it doesn't exist)
2) generate a bunch of intermediate steps (config urls, CRLs, role name, ...)
[I'm not
Khosrow thanks for the interesting feature. You mention two possible
methods to manage certificates; one using the CA framework, and the other using a
third party such as Vault and Let’s Encrypt.
Have you considered using the sshKeyPair API methods (is it part of the CA
framework?)? I mean, users